diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 19:33:14 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 19:33:14 +0000 |
commit | 36d22d82aa202bb199967e9512281e9a53db42c9 (patch) | |
tree | 105e8c98ddea1c1e4784a60a5a6410fa416be2de /dom/security/test/unit/test_isOriginPotentiallyTrustworthy.js | |
parent | Initial commit. (diff) | |
download | firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.tar.xz firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.zip |
Adding upstream version 115.7.0esr.upstream/115.7.0esrupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'dom/security/test/unit/test_isOriginPotentiallyTrustworthy.js')
-rw-r--r-- | dom/security/test/unit/test_isOriginPotentiallyTrustworthy.js | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/dom/security/test/unit/test_isOriginPotentiallyTrustworthy.js b/dom/security/test/unit/test_isOriginPotentiallyTrustworthy.js new file mode 100644 index 0000000000..b218f1438f --- /dev/null +++ b/dom/security/test/unit/test_isOriginPotentiallyTrustworthy.js @@ -0,0 +1,51 @@ +/* Any copyright is dedicated to the Public Domain. + http://creativecommons.org/publicdomain/zero/1.0/ */ + +/* + * Tests the "Is origin potentially trustworthy?" logic from + * <https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy>. + */ + +const { NetUtil } = ChromeUtils.import("resource://gre/modules/NetUtil.jsm"); + +Services.prefs.setCharPref( + "dom.securecontext.allowlist", + "example.net,example.org" +); + +Services.prefs.setBoolPref("dom.securecontext.allowlist_onions", false); + +add_task(async function test_isOriginPotentiallyTrustworthy() { + for (let [uriSpec, expectedResult] of [ + ["http://example.com/", false], + ["https://example.com/", true], + ["http://localhost/", true], + ["http://localhost.localhost/", true], + ["http://127.0.0.1/", true], + ["file:///", true], + ["resource:///", true], + ["moz-extension://", true], + ["wss://example.com/", true], + ["about:config", false], + ["http://example.net/", true], + ["ws://example.org/", true], + ["chrome://example.net/content/messenger.xul", false], + ["http://1234567890abcdef.onion/", false], + ]) { + let uri = NetUtil.newURI(uriSpec); + let principal = Services.scriptSecurityManager.createContentPrincipal( + uri, + {} + ); + Assert.equal(principal.isOriginPotentiallyTrustworthy, expectedResult); + } + // And now let's test whether .onion sites are properly treated when + // allowlisted, see bug 1382359. + Services.prefs.setBoolPref("dom.securecontext.allowlist_onions", true); + let uri = NetUtil.newURI("http://1234567890abcdef.onion/"); + let principal = Services.scriptSecurityManager.createContentPrincipal( + uri, + {} + ); + Assert.equal(principal.isOriginPotentiallyTrustworthy, true); +}); |